Remote data protection in a networked storage computing environment

ABSTRACT

Protecting and restoring data within a networked (e.g. cloud) storage computing environment through asynchronous replication and remote backup of data and its associated metadata. Data backup and recovery functionality provides data backups by detecting incremental updates to the data and its associated metadata at specific points in time determined by policies. The policies are configurable based on user requirements. Multiple copies of the data backups can be made and stored in separate compressed files at backup/disaster recovery locations. The backups of data and its associated metadata, which includes file system configuration information can be used to restore the state of a computer file system to that of a given point-in-time. Accordingly, a data protection approach is disclosed for protecting data at both the file system level and application level.

TECHNICAL FIELD

The present invention generally relates to networked storage computing.Specifically, the present invention relates to providing remote dataprotection for a general parallel file system based networked (e.g.cloud) storage computing environment, through asynchronous coordinateddata and metadata replication.

BACKGROUND

The cloud computing environment is an enhancement to the predecessorgrid environment, whereby multiple grids and other computation resourcesmay be further abstracted by a cloud layer, thus making disparatedevices appear to an end-user/consumer as a single pool of seamlessresources that are highly scalable. These resources may include suchthings as physical or logical compute engines, servers and devices,device memory, storage devices, etc.

Computer hardware and software applications are often critical to theefficient operations of companies, as well as the stability of the worldeconomy as a whole. Many of today's businesses require 24/7 availabilityfor critical applications and downtime of such critical applications canquickly decrease revenue. As a result, companies have to prepare forunplanned computer system outages that may shut down their businessoperations. Unplanned outages can be caused by, among other things,someone gaining unauthorized access to a business's computer systems,computer hardware failure, natural disasters, or even a disaster causedby human error or malicious intent. To prepare for unplanned computersystem outages, companies create disaster recovery plans, which areutilized to provide for continuity and/or restoration of computersystems that are critical for business operations. Preparation ofdisaster recovery plans has expanded as businesses have come to realizethe extent of their dependency on computer systems and applications.

Moreover, companies have to prepare for planned outages such as testdeployments for scheduled software application version upgrades, or forscheduled maintenance of computer hardware systems and components.Generally, companies announce to customers and employees when a plannedoutage will occur, such as a software application version upgrade.Upgrades may take more time than expected and occasionally, can evencause more unforeseen problems than an unplanned outage if loss orcorruption of data and/or applications occurs.

Accordingly, companies typically need their production environment to beready for software application installation/upgrade testing, and/or“mock” disaster recovery scenario testing. For example, a company may berunning a computer software version 1.0 in a first productionenvironment and wants to upgrade the first production environment tocomputer software version 1.1. Therefore, the company may need a remotesecond production environment that runs in parallel to the firstproduction environment, which utilizes a set of the first productionenvironment's data. One purpose of the remote second productionenvironment would be to test a computer software version 1.1 upgrade,prior to deployment of the version 1.1 upgrade to the first productionenvironment.

Furthermore, a company may also desire, for remote data protectionpurposes, to use the remote second production environment as a “hotbackup” location, and perform testing so as to ensure the company canswitch back and forth between the first production environment and theremote second production environment in case a computer system outageoccurs.

SUMMARY

Aspects of the present invention provide a method, a computer programproduct, and a system that include: recording data and associatedmetadata at specific points-in-time based on policies that enforce botha recovery point objective (RPO) that defines a maximum time period inwhich loss of the data is allowed and a recovery time objective (RTO)that defines a duration of time in which the data must be restored aftera disruption to a network attached storage appliance, wherein thenetwork attached storage appliance is part of a storage cluster thatprovides computing storage services and offers a computing device accessto a common set of data consolidated from a plurality of user systems;copying the data and the associated metadata into backup files; andgenerating a data structure with pointers to the backup files, based ona schedule configured to achieve the RPO and the RTO, wherein the datastructure with pointers to the backup files comprises a file pathassociated with a status and at least one of the pointers to the backupfiles, wherein the status indicates whether data at a location specifiedby the file path is newly created, has been modified since a previousbackup copy was performed, or is unchanged since the previous backupcopy was performed.

BRIEF DESCRIPTION OF THE SEVERAL VIEWS OF THE DRAWINGS

These and other features of this invention will be more readilyunderstood from the following detailed description of the variousaspects of the invention taken in conjunction with the accompanyingdrawings in which:

FIG. 1 depicts a networked (e.g. cloud) computing node according to anembodiment of the present invention.

FIG. 2 depicts a networked (e.g. cloud) computing environment accordingto an embodiment of the present invention.

FIG. 3 depicts abstraction model layers according to an embodiment ofthe present invention.

FIGS. 4A-4B depict a high-level architectural view of a network attachedstorage cluster supporting a disaster recovery infrastructure accordingto an embodiment of the present invention.

FIG. 5 depicts a data protection remote backup process in a networked(e.g. cloud) storage environment according to an embodiment of thepresent invention.

FIG. 6 depicts a method flow diagram for remote data protection in anetworked (e.g. cloud) computing environment according to an embodimentof the present invention.

FIG. 7 depicts creation of file-lists from point-in-time (PIT) snapshotsof data and file system configuration information according to anembodiment of the present invention.

FIG. 8 depicts a method flow diagram for creation of file-listsaccording to an embodiment of the present invention.

FIG. 9 depicts a method flow diagram for restoration of data andconfiguration files in a networked (e.g. cloud) computing environmentaccording to an embodiment of the present invention.

The drawings are not necessarily to scale. The drawings are merelyschematic representations, not intended to portray specific parametersof the invention. The drawings are intended to depict only typicalembodiments of the invention, and therefore should not be considered aslimiting the scope of the invention. In the drawings, like numberingrepresents like elements.

DETAILED DESCRIPTION

Exemplary embodiments now will be described more fully herein withreference to the accompanying drawings, in which exemplary embodimentsare shown. This disclosure may, however, be embodied in many differentforms and should not be construed as limited to the exemplaryembodiments set forth herein. Rather, these exemplary embodiments areprovided so that this disclosure will be thorough and complete and willfully convey the scope of this disclosure to those skilled in the art.In the description, details of well-known features and techniques may beomitted to avoid unnecessarily obscuring the presented embodiments.

The terminology used herein is for the purpose of describing particularembodiments only and is not intended to be limiting of this disclosure.As used herein, the singular forms “a”, “an”, and “the” are intended toinclude the plural forms as well, unless the context clearly indicatesotherwise. Furthermore, the use of the terms “a”, “an”, etc., do notdenote a limitation of quantity, but rather denote the presence of atleast one of the referenced items. It will be further understood thatthe terms “comprises” and/or “comprising”, or “includes” and/or“including”, when used in this specification, specify the presence ofstated features, regions, integers, steps, operations, elements, and/orcomponents, but do not preclude the presence or addition of one or moreother features, regions, integers, steps, operations, elements,components, and/or groups thereof.

Embodiments of the present invention provide an approach for protectingdata in a networked (e.g. cloud) storage computing environment throughasynchronous replication and remote backup of data and its associatedmetadata, which includes file system configuration information. Underembodiments of the present invention, data backup and recoveryfunctionality is provided.

Specifically, the data backup and recovery functionality provides backupand transfer of data and file system configuration information from aprimary location to a remote disaster recovery location, and restorationof the data and file system configuration information from the remotedisaster recovery location to a desired target location. Moreover, thedata backup and recovery functionality provides the capability for acloud administrator to manage a service that protects customer data withpoint-in-time consistency at a local or remote location in apolicy-based fashion.

It is understood in advance that although this disclosure includes adetailed description of cloud computing, implementation of the teachingsrecited herein are not limited to a cloud computing environment. Rather,embodiments of the present invention are capable of being implemented inconjunction with any other type of computing environment now known orlater developed.

Cloud computing is a model of service delivery for enabling convenient,on-demand network access to a shared pool of configurable computingresources (e.g. networks, network bandwidth, servers, processing,memory, storage, applications, virtual machines, and services) that canbe rapidly provisioned and released with minimal management effort orinteraction with a provider of the service. This cloud model may includeat least five characteristics, at least three service models, and atleast four deployment models.

Characteristics are as follows:

On-demand self-service: a cloud consumer can unilaterally provisioncomputing capabilities, such as server time and network storage, asneeded, automatically without requiring human interaction with theservice's provider.

Broad network access: capabilities are available over a network andaccessed through standard mechanisms that promote use by heterogeneousthin or thick client platforms (e.g., mobile phones, laptops, and PDAs).

Resource pooling: the provider's computing resources are pooled to servemultiple consumers using a multi-tenant model, with different physicaland virtual resources dynamically assigned and reassigned according todemand. There is a sense of location independence in that the consumergenerally has no control or knowledge over the exact location of theprovided resources but may be able to specify location at a higher levelof abstraction (e.g., country, state, or datacenter).

Rapid elasticity: capabilities can be rapidly and elasticallyprovisioned, in some cases automatically, to quickly scale out andrapidly released to quickly scale in. To the consumer, the capabilitiesavailable for provisioning often appear to be unlimited and can bepurchased in any quantity at any time.

Measured service: cloud systems automatically control and optimizeresource use by leveraging a metering capability at some level ofabstraction appropriate to the type of service (e.g., storage,processing, bandwidth, and active user accounts). Resource usage can bemonitored, controlled, and reported providing transparency for both theprovider and consumer of the utilized service.

Service Models are as follows:

Software as a Service (SaaS): the capability provided to the consumer isto use the provider's applications running on a cloud infrastructure.The applications are accessible from various client devices through athin client interface such as a web browser (e.g., web-based email). Theconsumer does not manage or control the underlying cloud infrastructureincluding network, servers, operating systems, storage, or evenindividual application capabilities, with the possible exception oflimited user-specific application configuration settings.

Platform as a Service (PaaS): the capability provided to the consumer isto deploy onto the cloud infrastructure consumer-created or acquiredapplications created using programming languages and tools supported bythe provider. The consumer does not manage or control the underlyingcloud infrastructure including networks, servers, operating systems, orstorage, but has control over the deployed applications and possiblyapplication-hosting environment configurations.

Infrastructure as a Service (IaaS): the capability provided to theconsumer is to provision processing, storage, networks, and otherfundamental computing resources where the consumer is able to deploy andrun arbitrary computer software, which can include operating systems andapplications. The consumer does not manage or control the underlyingcloud infrastructure but has control over operating systems, storage,deployed applications, and possibly limited control of select networkingcomponents (e.g., host firewalls).

Deployment Models are as follows:

Private cloud: the cloud infrastructure is operated solely for anorganization. It may be managed by the organization or a third party andmay exist on-premises or off-premises.

Community cloud: the cloud infrastructure is shared by severalorganizations and supports a specific community that has shared concerns(e.g., mission, security requirements, policy, and complianceconsiderations). It may be managed by the organizations or a third partyand may exist on-premises or off-premises.

Public cloud: the cloud infrastructure is made available to the generalpublic or a large industry group and is owned by an organization sellingcloud services.

Hybrid cloud: the cloud infrastructure is a composition of two or moreclouds (private, community, or public) that remain unique entities butare bound together by standardized or proprietary technology thatenables data and application portability (e.g., cloud bursting forload-balancing between clouds).

A cloud computing environment is service oriented with a focus onstatelessness, low coupling, modularity, and semantic interoperability.At the heart of cloud computing is an infrastructure comprising anetwork of interconnected nodes.

Referring now to FIG. 1, a schematic of an example of a cloud computingnode is shown. Cloud computing node 10 is only one example of a suitablecloud computing node and is not intended to suggest any limitation as tothe scope of use or functionality of embodiments of the inventiondescribed herein. Regardless, cloud computing node 10 is capable ofbeing implemented and/or performing any of the functionality set forthhereinabove.

In cloud computing node 10, there is a computer system/server 12, whichis operational with numerous other general purpose or special purposecomputing system environments or configurations. Examples of well-knowncomputing systems, environments, and/or configurations that may besuitable for use with computer system/server 12 include, but are notlimited to, personal computer systems, server computer systems, thinclients, thick clients, hand-held or laptop devices, multiprocessorsystems, microprocessor-based systems, set top boxes, programmableconsumer electronics, network PCs, minicomputer systems, mainframecomputer systems, and distributed cloud computing environments thatinclude any of the above systems or devices, and the like.

Computer system/server 12 may be described in the general context ofcomputer system-executable instructions, such as program modules, beingexecuted by a computer system. Generally, program modules may includeroutines, programs, objects, components, logic, data structures, and soon that perform particular tasks or implement particular abstract datatypes. Computer system/server 12 may be practiced in distributed cloudcomputing environments where tasks are performed by remote processingdevices that are linked through a communications network. In adistributed cloud computing environment, program modules may be locatedin both local and remote computer system storage media including memorystorage devices.

As shown in FIG. 1, computer system/server 12 in cloud computing node 10is shown in the form of a general purpose computing device. Thecomponents of computer system/server 12 may include, but are not limitedto, one or more processors or processing units 16, a system memory 28,and a bus 18 that couples various system components including systemmemory 28 to processor 16.

Bus 18 represents one or more of any of several types of bus structures,including a memory bus or memory controller, a peripheral bus, anaccelerated graphics port, and a processor or local bus using any of avariety of bus architectures. By way of example, and not limitation,such architectures include Industry Standard Architecture (ISA) bus,Micro Channel Architecture (MCA) bus, Enhanced ISA (EISA) bus, VideoElectronics Standards Association (VESA) local bus, and PeripheralComponent Interconnects (PCI) bus.

Computer system/server 12 typically includes a variety of computersystem readable media. Such media may be any available media that isaccessible by computer system/server 12, and it includes both volatileand non-volatile media, removable and non-removable media.

System memory 28 can include computer system readable media in the formof volatile memory, such as random access memory (RAM) 30 and/or cachememory 32. Computer system/server 12 may further include otherremovable/non-removable, volatile/non-volatile computer system storagemedia. By way of example only, storage system 34 can be provided forreading from and writing to a non-removable, non-volatile magnetic media(not shown and typically called a “hard drive”). Although not shown, amagnetic disk drive for reading from and writing to a removable,non-volatile magnetic disk (e.g., a “floppy disk”), and an optical diskdrive for reading from or writing to a removable, non-volatile opticaldisk such as a CD-ROM, DVD-ROM, or other optical media can be provided.In such instances, each can be connected to bus 18 by one or more datamedia interfaces. As will be further depicted and described below,memory 28 may include at least one program product having a set (e.g.,at least one) of program modules that are configured to carry out thefunctions of embodiments of the invention.

The embodiments of the invention may be implemented as a computerreadable signal medium, which may include a propagated data signal withcomputer readable program code embodied therein (e.g., in baseband or aspart of a carrier wave). Such a propagated signal may take any of avariety of forms including, but not limited to, electro-magnetic,optical, or any suitable combination thereof. A computer readable signalmedium may be any computer readable medium that is not a computerreadable storage medium and that can communicate, propagate, ortransport a program for use by or in connection with an instructionexecution system, apparatus, or device.

Program code embodied on a computer readable medium may be transmittedusing any appropriate medium including, but not limited to, wireless,wireline, optical fiber cable, radio-frequency (RF), etc., or anysuitable combination of the foregoing.

Program/utility 40, having a set (at least one) of program modules 42,may be stored in memory 28 by way of example, and not limitation, aswell as an operating system, one or more application programs, otherprogram modules, and program data. Each of the operating systems, one ormore application programs, other program modules, and program data orsome combination thereof, may include an implementation of a networkingenvironment. Program modules 42 generally carry out the functions and/ormethodologies of embodiments of the invention as described herein.

Computer system/server 12 may also communicate with one or more externaldevices 14 such as a keyboard, a pointing device, a display 24, etc.;one or more devices that enable a user/consumer to interact withcomputer system/server 12; and/or any devices (e.g., network card,modem, etc.) that enable computer system/server 12 to communicate withone or more other computing devices. Such communication can occur viaI/O interfaces. 22. Still yet, computer system/server 12 can communicatewith one or more networks such as a local area network (LAN), a generalwide area network (WAN), and/or a public network (e.g., the Internet)via network adapter 20. As depicted, network adapter 20 communicateswith the other components of computer system/server 12 via bus 18. Itshould be understood that although not shown, other hardware and/orcomputer software components could be used in conjunction with computersystem/server 12. Examples include, but are not limited to: microcode,device drivers, redundant processing units, external disk drive arrays,RAID systems, tape drives, and data archival storage systems, etc.

Referring now to FIG. 2, illustrative cloud computing environment 50 isdepicted. As shown, cloud computing environment 50 comprises one or morecloud computing nodes 10 with which local computing devices used bycloud consumers, such as, for example, personal digital assistant (PDA)or cellular telephone 54A, desktop computer 54B, laptop computer 54C,and/or automobile computer system 54N may communicate. Nodes 10 maycommunicate with one another. They may be grouped (not shown) physicallyor virtually, in one or more networks, such as private, community,public, or hybrid clouds as described hereinabove, or a combinationthereof. This allows cloud computing environment 50 to offerinfrastructure, platforms, and/or software as services for which a cloudconsumer does not need to maintain resources on a local computingdevice. It is understood that the types of computing devices 54A-N shownin FIG. 2 are intended to be illustrative only and that computing nodes10 and cloud computing environment 50 can communicate with any type ofcomputerized device over any type of network and/or network addressableconnection (e.g., using a web browser).

Referring now to FIG. 3, a set of functional abstraction layers providedby cloud computing environment 50 (FIG. 2) is shown. It should beunderstood in advance that the components, layers, and functions shownin FIG. 3 are intended to be illustrative only and embodiments of theinvention are not limited thereto. As depicted, the following layers andcorresponding functions are provided:

Hardware and software layer 60 includes hardware and computer softwarecomponents. Examples of hardware components include mainframes. In oneexample, IBM® zSeries® systems and RISC (Reduced Instruction SetComputer) architecture based servers. In one example, IBM pSeries®systems, IBM xSeries® systems, IBM BladeCenter® systems, storagedevices, networks, and networking components. Examples of computersoftware components include network application server software. In oneexample, IBM WebSphere® application server software and databasesoftware. In one example, IBM DB2® database software. (IBM, zSeries,pSeries, xSeries, BladeCenter, WebSphere, and DB2 are trademarks ofInternational Business Machines Corporation registered in manyjurisdictions worldwide.)

Virtualization layer 62 provides an abstraction layer from which thefollowing examples of virtual entities may be provided: virtual servers;virtual storage; virtual networks, including virtual private networks;virtual applications and operating systems; and virtual clients.

Management layer 64 provides for management of cloud services residingon servers within a cloud computing environment. In one embodiment,management layer 64 may provide the program modules and/orfunctionalities described below. Resource provisioning provides dynamicprocurement of computing resources and other resources that are utilizedto perform tasks within the cloud computing environment. User/consumerportal provides access to the cloud computing environment for consumersand system administrators. Service level management provides cloudcomputing resource allocation and management such that required servicelevels are met. Data backup and recovery functionality 66 includes oneor more program modules that provides data backup and data restorationfor remote data protection in a networked (e.g. cloud) storage computingenvironment.

It is understood that functions of the present invention as describedherein may be performed by the data backup and recovery functionality66, which can be tangibly embodied as modules of program code 42 (shownin FIG. 1) of program/utility 40 (shown in FIG. 1) residing at the cloudmanagement layer 64. However, this need not be the case. Rather, thefunctionality recited herein could be carried out/implemented and/orenabled by other layers depicted in FIG. 3, such as workloads layer 68.

Workloads layer 68 provides examples of functionality for which thecloud computing environment may be utilized. In one embodiment workloadsand functions which may be provided from this layer include: mapping andnavigation; software development and lifecycle management; virtualclassroom education delivery; data analytics processing; transactionprocessing; and information lifecycle management. As mentioned above,all of the foregoing examples described with respect to FIG. 3 areillustrative only, and the invention is not limited to these examples.In addition, workloads and applications are used synonymously.

It is reiterated that although this disclosure includes a detaileddescription on cloud computing, implementation of the teachings recitedherein are not limited to a cloud computing environment. Rather, theembodiments of the present invention are intended to be implemented withany type of networked (e.g. cloud) storage computing environment nowknown or later developed.

Referring now to FIG. 4A, a scale out network attached storage cloudinfrastructure 400 that can be offered by a networked (e.g. cloud)computing storage service provider is shown. Storage cloudinfrastructure 400 comprises support for client computers utilizingstandards-based network protocols 405 which comprise Hypertext TransferProtocol (HTTP), Network File System (NFS) Protocol, Secure CopyProtocol (SCP), Computer Internet File System (CIFS) Protocol, FileTransfer Protocol (FTP), and Secure Shell (SSH) Protocol. InternetProtocol (IP) network 410 provides for connectivity between clientcomputers utilizing protocols 405 and storage cloud infrastructure 400,so that a user can access files residing in storage cloud infrastructure400. A cloud administrator 417 can utilize computer-based portal 419 toaccess management node 415. Through management node 415 and utilizationof computer-based portal 419, administrator 417 can configure, manageand monitor storage cloud infrastructure 400, including data backup andrestore policies. Restore policies are rules which may be implemented bycomputer program code in order to satisfy a user's requirements, whichinclude business data retention, recovery point objective (RPO), andrecovery time objective (RTO). Furthermore, storage cloud infrastructure400 can have one or more interface nodes 420-421. Interface nodes420-421 provide user access to the data and file services within cloudinfrastructure 400, and may utilize standard protocols 405. Within cloudinfrastructure 400, storage is arranged in storage pods 430 and 431,which each contain a pair of storage nodes 440-441 and 450-451,respectively. The interface nodes 420-421 are connected to the storagepods 430-431 respectively, via a high speed internal network 425.Moreover, interface node 420 and storage nodes 440-441 function togetherto provide direct access to physical storage 446 via logical storagepool 445. In addition, interface node 421 and storage nodes 450-451function together to provide direct access to physical storage 456 vialogical storage pool 455. Thus, a user is given the IP address assignedto an interface node, wherein the interface node can then be utilized todirectly access data within a storage pod. Specifically, the storage podwill contain the user's data and file system configuration information.

Referring now to FIG. 4B, which illustrates scale out network attachedstorage cloud infrastructure 400 in further detail, as well as supportof other types of infrastructures including an infrastructure for aremote office location 470, and an infrastructure for businesscontinuity such as a remote disaster recovery location 475. Scale outnetwork attached storage cloud infrastructure 400 services can beoffered through a networked (e.g. cloud) computing storage serviceprovider in conjunction with a private cloud environment for privateusers, or in conjunction with a public cloud environment for publicusers.

In one embodiment, one purpose of a remote disaster recovery location475 is to provide for the ability of Company “A” to continue businessoperations when primary computer software applications and computerhardware systems 465 are not accessible, or are accessible but notoperating as required by Company A principal office users 460 andCompany A remote office users 462. A remote office location 470 is whereCompany A has decided to locate an office staffed with remote users 462,at a location other than that of principal office users 460, for reasonswhich may include reducing employee commute time, increasing marketpresence, and/or improving customer service. Remote office users 462working at remote office location 470 would also have access to CompanyA's computing systems via an application cluster at remote officelocation 470. Both principal office users 460 and remote office users462 may access remote disaster recovery location 475 via networkconnection 472. Accordingly, embodiments of the present invention relateto remote data protection at remote disaster recovery location 475 ownedby Company A or a separate business entity, Company “B”.

In one embodiment of the present invention, Company A principal officeusers 460 and Company A remote office users 462 may store customer datawithin public cloud infrastructure 400 which is owned by the separatebusiness entity, Company B. However, if Company A principal office users460 and Company A remote office users 462 also decide to obtain remotedata protection for disaster recovery purposes, then both users 460 and462 could pay extra fees to have customer data replicated and protectedremotely at remote disaster recovery location 475. Remote disasterrecovery location 475 can be located at a separate physical locationthan public cloud infrastructure 400 based on Company A's preferreddisaster recovery strategy.

In another embodiment, Company “C” principal office users 464 may storesoftware application data in their own private cloud infrastructure 480.Company C may decide that remote data protection for business continuitypurposes is needed in the event of a natural disaster, to meetgovernmental regulations, or for other reasons. Thus, Company A orCompany B or whichever entity has responsibility for public cloudinfrastructure 400, can provide remote data protection services forCompany C principal office users 464 via network connection 473 toremote disaster recovery location 475. If Company C provides Company Bwith access to their complete set of application data, then Company Bcan perform a complete application restoration. However, if Company Cdoes not provide a complete set of application data to Company B, thenCompany B can only perform “restoration at the file system levelonward.” The phrase “restoration at the file system level onward,” meansthat if Company B has responsibility for Company C's application stackthen Company B can perform an application specificquiesce/write-suspend, perform a GPFS specific quiesce/write-suspend,and create a GPFS snapshot. However, if Company B does not haveresponsibility for Company C's application stack then Company B can onlyperform a GPFS specific quiesce/write-suspend, and create a GPFSsnapshot. A quiesce operation will temporarily force all users off aspecified instance and database, and puts the database into quiescedmode. The quiesce/write-suspend mode is a restricted mode, where onlyusers with authority are allowed to connect to the instance or thedatabase within public cloud infrastructure 400. Inquiesce/write-suspend mode, the users with authority can performadministrative tasks on the database within public cloud infrastructure400.

FIG. 5 depicts a backup process for restoration of remotely protecteddata in remote disaster recovery location 475 (also shown in FIG. 4B).In one embodiment, there is data stored in Company “D” public/privatecloud infrastructure 500. At time t0, Company B, which provides dataprotection services for Company D, takes a point-in-time (PIT) fullbackup copy 505 of Company D's data and file system configuration, andcreates three components, which include a data file 520, a configurationfile 521, and a file-list 522 that are all transferred to remotedisaster recovery location 475. Data file 520 may contain, for example,Company D's actual data such as customer information which can becompressed, in one example as a zip file, in order to reduce the storagespace required to maintain the data. Configuration file 521 is a fullbackup copy of Company D's General Parallel File System (GPFS) metadata.Specifically, configuration file 521 contains information regardingquotas, filesets, policies, access control lists, primary nodes, andsecondary nodes. File-list 522 contains information regarding where thecopied data resides within remote disaster recovery location 475. Aftera full backup copy is performed data is copied and transferred to remotedisaster recovery location 475. The transfer of the data is performed byCompany B utilizing rsync technology, so that Company B is not storingdata file 520 and data file 530 in the same environment as the originaldata. Rsync is a software application/protocol, which can support a Unixbased system to provide for the synchronization of files and directoriesbetween one location and another. Rsync technology can save bandwidthand minimize data transfers. However, the remote transfer of backup datacan be performed using rsync application/protocol or other protocolsincluding ftp or http. Moreover, many methods for the transfer of datato a remote location exist, which include manual data transfer, computerscheduled data transfer, or a combination of both manual and computerscheduled data transfer.

At time t1, Company B makes a point-in-time incremental backup copy ofdata 510 of Company D's data and file system configuration, and createsthree components which are: data file 530, configuration file 531, andfile-list 532 which are all transferred to remote disaster recoverylocation 475. As shown in FIG. 5, data file 530 can be compressed as azip file in order to reduce the storage space required to maintain thedata. Thus, after a full backup copy is made at time t0, subsequentlyscheduled backup copies will be incremental backup copies of data andfile system configuration information. As a result, incremental backupcopies of data includes only new data that has been created after thefull backup copy was performed, or data that has been modified since aprevious backup copy was performed. Furthermore, after an incrementalbackup copy is performed data is copied and transferred to remotedisaster recovery location 475. The transfer of the incremental copy ofbackup data is performed by Company B, utilizing rsync technology, sothat Company B is not storing data file 520 and data file 530 in thesame environment as the original data. However, the remote transfer ofbackup data can be performed using other protocols including ftp orhttp. Moreover, many remote transfer of data methods exist to transferdata to a remote data location, and those methods include manual datatransfer, computer scheduled data transfer, or a combination of both amanual and computer scheduled data transfer.

Referring now to FIG. 6, a method flow diagram depicting a data backupprocess, offered by a networked (e.g. cloud) computing storage serviceprovider, according to one embodiment of the present invention, isshown. Thus, the service provider has a network attached storage cloudinfrastructure. In one embodiment, the following steps which aredescribed with reference to FIG. 6 may be performed by data backup andrecovery functionality 66 (shown in FIG. 3). As depicted in step 600,snapshot schedules are determined based on a company's recovery pointobjective (RPO) and recovery time objective (RTO). In step 602, validityof the backup creation process is checked by performing the followingtasks: check for GPFS maximum snapshot limit, check for existence ofpreviously created snapshot (resulting from the backup creationprocess), and check for network connectivity. In step 603, the storageservice provider that has responsibility for the user's applicationstack is determined. If a networked (e.g. cloud) computing storageservice provider has responsibility for the user's complete applicationstack (i.e., application, server, and storage) then, in step 604, thestorage service provider can perform an application specificquiesce/write-suspend and proceed to step 606. However, if the networked(e.g. cloud) computing storage service provider does not haveresponsibility for the user's application stack, then the networked(e.g. cloud) computing storage service provider does not perform step604, which is an application specific quiesce/write-suspend, instead thecomputing storage service provider performs step 606.

In step 604, an application specific quiesce/write-suspend is performed.In step 606, the GPFS specific quiesce/write-suspend is performed. Steps604 and 606 prevent a production application from writing data tostorage within the network attached storage cloud infrastructure of theservice provider by performing an application specificquiesce/write-suspend. In step 608, a GPFS snapshot is created. In step610, a backup of a GPFS configuration is created. In step 612, aspecific write-resume is performed. In step 614, an application specificwrite-resume is performed. Steps 612 and 614 permit the productionapplication to resume writing data to storage within the networkattached storage cloud infrastructure of the service provider by aspecific write-resume command. Next in step 616, a determination is madeas to whether this is the first time, a copy of the data and file systemconfiguration has been performed. If the determination made in step 616is that this is the first time a copy of the data and file systemconfiguration information has been performed, then step 617 is performednext. In step 617, a full point-in-time copy, based on a company'sreplication policy, is created. However, if the determination made in616 is that it is not the first time a copy of the data and file systemconfiguration information has been performed, and then step 618 isperformed next. In step 618, only an incremental backup copy isperformed, which includes only new data that has been created after thefull backup copy was performed, or data that has been modified since aprevious backup copy was performed.

In step 620, a file-list is created, which contains the location ofwhere the full backup copy and incremental backup copies of the data andfile system configuration are stored within remote disaster recoverylocation 475 (shown in FIG. 4B). Next in step 622, a remote copy of thedata, file system configuration, and file-list is created at remotedisaster recovery location 475. Then, in step 624, policy compliance ischecked, which includes ensuring that the restore does not span morethan a company specified number of backups, and ensuring that the backupdata is retained according to the company's policies. Specifically, toperform step 624 a policy is created that ensures the backup processdoes not span more than a specified number of full and incrementalbackup copies. An asynchronous process determines whether the dataretention compliance policy has been violated, and if the data retentioncompliance policy has been violated the asynchronous process copiesredundant data or performs a full restore to create a new backuplocation. In addition, affected file-lists are modified by theasynchronous process. Lastly, the data backup process ends at step 626.

Referring now to FIG. 7, a process for creating a file-list is depicted.FIG. 7 further depicts how file-lists can be utilized to restore acompany's computer software applications and data state to that of aspecific point in time. In one embodiment, the process described hereinbelow with reference to FIG. 7 may be performed by data backup andrecovery functionality 66 (shown in FIG. 3). In one embodiment, afile-list is implemented by utilizing a hash map based data structurethat is analogous to a database table with a primary key. Specifically,a hash map may be utilized to search and store values, and can provideadvanced search functionality for applications. In another embodiment, afile-list may be implemented by utilizing database tables, simple textfiles, delimiter based files, XML files, or other in-memorystructured/semi-structured documents or data structures.

In one embodiment, a scale out network attached storage (SONAS)appliance 700 is utilized. SONAS is a high-performance scale out filemanagement solution that can provide fast, reliable access to a commonset of file data from tens of thousands of user systems. SONAS enablesusers to efficiently consume storage by consolidating petabytes of datainto an integrated solution. Moreover, SONAS simplifies networked (e.g.cloud) storage management by consolidating many network attached storagedevices into one centrally managed, centrally deployed, flexible, anddynamic storage cluster. At time t0, on SONAS appliance 700, thereexists a file system named “mnt” with the following four file paths:mnt/foo file path 720, mnt/dir file path 722, mnt/bar file path 721, andmnt/dir/file1 file path 723. At time t0, point-in-time compressed copiesof all files on SONAS appliance 700 are made. Next, a file-list 715 isthen created utilizing a data table with columns and rows, whichincludes a column for file path 730, a column for snapshot status 731, acolumn for snapshot ID 732, row 735 containing an entry for file path720, row 736 containing an entry for file path 722, row 737 containingentries for file paths 721 and 723, and row 738 containing entries forfile paths 723-725.

Column file path 730 indicates the location of the point-in-timecompressed copies of data within a given file at remote disasterrecovery location 475 (shown in FIG. 4B). Column file path 730 can havea plurality of entries corresponding to file paths 720-725. Columnsnapshot status 731, indicates whether a copy of data was created (C)for the first time, was modified (M), or was unchanged (UC). Each entryfor file paths 720-725 will have a corresponding snapshot status 731 ofC, M, or UC. Thus, if a copy of file paths 720-725 was created for thefirst time then the corresponding snapshot status 731 for each of thefile paths 720-725 is C (i.e., created). If any one of the file paths720-725 contains data that was modified, then the file path thatcontains modified data would have a corresponding snapshot status 731 ofM (i.e., modified). Lastly, if any one of the file paths contains datathat was completely unchanged then the file path that containscompletely unchanged data would have a corresponding snapshot status 731of UC (i.e., unchanged). Accordingly, in the present example describedwith reference to FIG. 7, and specifically file-list 715, at time t0 apoint-in-time copy was made for the first time, so for each of theentries corresponding to file paths 720-723 the snapshot status 731 isC. Moreover, snapshot ID 732 defines the point-in-time compressed copy,where data in a particular file path can be found. For example, at timet0 the corresponding snapshot ID 732 for all file paths 720-723 is 0,which records that a point-in-time compressed copy of data within agiven file path 730, at time t0, can be found in t1.zip. However, if thecorresponding snapshot ID 732 for file paths 720-723 is 1, then thepoint-in-time compressed copy of data within a given file path 730, attime t1, would is found in t1.zip. Thus, snapshot ID 732 defines whichpoint-in-time compressed copy (e.g. zip file) is to be selected in orderto find data within a given file path 730 at a given point in time, atremote disaster recovery location 475.

Next at time t01, FIG. 7 illustrates that a user (e.g. company) whosubscribes to data protection services can make their own backup copy,but their action of making their own copy will not affect the operationof data backup and recovery process described herein. At time t1, anincremental point-in-time compressed copy of files on appliance 700 iscreated. Subsequent point-in-time copies, made after time t0, can alsobe referred to as incremental point-in-time copies. At time t1,file-list 716 is created having entries corresponding to file paths 720and 722-724. In addition, if data has been newly created (i.e., C),modified (i.e., M), or is unchanged (i.e., UC) then snapshot status 731for entries corresponding to file paths 720 and 722-724 is updated toreflect the correct status as either C, M, or UC. Moreover, since anincremental backup copy is being created at time t1, if data within afile path has been modified or newly created at time t1, then the snapshot ID 732 is 1 for the entries corresponding to file paths 720 and722-724. As a result, in the present example depicted in FIG. 7, entriescorresponding to file paths 722 and 724 have a snap shot ID 732 of 1.The snapshot ID of 1, records that a point-in-time compressed copy ofdata for a specific file path can be found in t1.zip.

In the present example, in file-list 716 at time t1, the entrycorresponding to file path 720 was unmodified so its snapshot status 732is UM and its snapshot ID is 0. File path 721 was deleted, so it nolonger exists at time t1. File path 722 was modified so its snapshotstatus 732 is M and its snapshot ID is 1. File path 723 was unmodifiedso its snapshot status 732 is UM and snapshot ID is 0. At time t1, anentry corresponding to file path 724 (i.e. mnt/dir/file2) was newlycreated, so its corresponding snapshot status is C and its snapshot IDis 1.

Next, at time t11, FIG. 7 illustrates that a user (e.g. company) whosubscribes to data protection services may again make their own copy,but their action of making their own copy will not affect the operationof the data backup and recovery process described herein. In the presentexample, another incremental backup copy is made at time t2. At time t2,file-list 717 is created with entries corresponding to file paths 720,722-723, and 725. In addition, if data has been newly created (i.e., C),modified (i.e., M), or is unchanged (i.e., UC) then snapshot status 731for entries corresponding to file paths 720, 722-723, and 725 is updatedto reflect the correct status as either C, M, or UC. Thus, for file-list717 at time t2 the entry corresponding to file path 720 contains datathat was modified, so the snapshot status 732 for the entrycorresponding to file path 720 is M, and the snapshot ID is 1. The entrycorresponding to file path 722 was modified, so the snapshot status 732for the entry corresponding to file path 722 is M and the snapshot ID is2. The entry corresponding to file path 723 was unchanged, so thesnapshot status 732 for the entry corresponding to file path 723 is UC,and the snapshot ID is 0. The entry corresponding to file path 724 wasdeleted, so this entry no longer exists at time t2. At time t2, an entrycorresponding to file path 725 (i.e. mnt/dir/file3) was newly created,so the corresponding snapshot status for the entry corresponding to filepath 725 is C, and the snapshot ID is 2.

In addition, the data backup and recovery process described hereinprovides functionality that ensures no single point of failure. In oneexample, file1 is only present at time t0, because file1 was copied onlyonce, and a single pointer to file1 on file-list 715 for time t0, t1,and t2 was made. However, suppose that when a compressed point-in-timebackup copy is unzipped it is determined that file1 is corrupted. Ifthere are no additional copies with corresponding pointers to them, thenfile1 would have a single point of failure. To resolve this single pointof failure, a policy can be created, wherein data backup and recoveryfunctionality 66 makes a copy of file1 at time t0, and makes a secondcopy of file1 at time t1 (i.e. even though file1 is unchanged a secondcopy is made) with pointers to the respective copies within file-list715. Thus, if file1 is somehow corrupted at time t0, there is anothersnapshot for time t1 that is available. The present example, illustratedin FIG. 7 utilizes a plurality of file-lists, but other embodiments maybe implemented by using a single file-list.

Referring now to FIG. 8, a method flow diagram for a file-list creationprocess according to an embodiment of the present invention is depicted.In one embodiment, the process described herein, with respect to FIG. 8,may be performed by data backup and recovery functionality 66 (shown inFIG. 3). In step 800, a snapshot is created. Then in step 805, asnapshot timestamp is recorded. The snapshot timestamp is a potentialrestore-point, which can be utilized if a user requests to restore dataat a specific point in time.

Next in step 810, a policy framework is utilized to determine whetherdata was newly created, existing data was modified, or existing data wasunchanged. In step 810, if data was newly created the process proceedsto step 815. In step 815, for each file path 730 (shown if FIG. 7) withnewly created data, data backup and recovery functionality 66 creates acorresponding entry is created for snapshot status 731 (shown in FIG. 7)with a value C, and an entry for snapshot ID 732 (shown in FIG. 7) witha value corresponding to a new location containing a compressed copy ofthe backup data for a given point in time. Alternatively, in step 810,if existing data was modified, the process proceeds to step 820. In step820, for each file path 730 with modified data, a corresponding entry iscreated for snapshot status 731 with a value M, and an entry forsnapshot ID 732 with a value corresponding to a new location containinga compressed copy of the backup data for a given point in time. Howeverin step 810, if existing data was unchanged the process proceeds to step825. In step 825, for each file path 730 with unchanged data, acorresponding entry is created for snapshot status 731 with value UC,and an entry for snapshot ID 732 with a value corresponding to anexisting location already containing a compressed copy of the backupdata for a given point in time.

After a corresponding entries for file path 730, corresponding entriesfor snapshot status 731, and snapshot ID 732 have been created, theprocess proceeds to step 830, where entries that may have been generatedin steps 815, 816, and 825 are merged into a single file-list. Next, instep 835, snapshot ID 732 and snapshot status 731 may be adjusted basedon policy definitions. For example, a policy which defines no singlepoint of failure can include updating snapshot ID 732 for an entrycorresponding to a file path within a file-list, in order to point to alocation of an additional copy that was made. Then, in step 840 a finalfile-list is generated, and the process ends at step 845. The file-listcreation process is an operation that may, in one example, be performedby a sub-module within data backup and recovery functionality 66.Further, the process described herein can run on a scheduled basis, andbe customized to achieve a user's requirements in accordance with theuser's (e.g. company's) recovery plan objective (RPO) and recovery timeobjective (RTO).

Referring now to FIG. 9, a method flow diagram for a restore processperformed by data backup and recovery functionality 66 (shown in FIG.3), according to an embodiment of the present invention is depicted. Inone embodiment, the process described herein, with respect to FIG. 9,may be performed by data backup and recovery functionality 66 (shown inFIG. 3). In step 900, a restore-point timestamp list is created, and auser (e.g. storage cloud administrator) who wants to perform a datarestore operation can select a timestamp from the timestamp list. Instep 905, the file-list is fetched for the corresponding timestampselected by the user. In step 910, for each file path entry in thefile-list, point-in-time compressed data is extracted based on acorresponding value in snapshot ID 732 (shown in FIG. 7), where snapshotID 732 is utilized to define the location of the compressed data for agiven point in time. In step 915, after the point-in-time compressedbackup data has been extracted, the backup data is transferred to arestore location (e.g. remote disaster recovery location 475, shown inFIG. 4B).

Next in step 920, the backup data is restored. Specifically, step 920involves extracting the backup data that was compressed, and organizingthe backup data on a set of target logical storage that is provided atthe target location (e.g., remote disaster recovery location 475). Instep 925, a configuration file is retrieved that corresponds to thetimestamp selected by the user. Then in step 930, configurationinformation from the configuration file is restored. After completion ofstep 930, the restore processes ends at step 935.

The flowchart and block diagrams, in FIG. 6, and FIGS. 8-9 illustratesthe functionality and operation of possible implementations of systems,methods and computer program products according to various embodimentsof the present invention. In this regard, each block in the flowchart orblock diagrams may represent a module, segment, or portion of code,which comprises one or more executable instructions for implementing thespecified logical function(s). It should also be noted that, in somealternative implementations, the functions noted in the block may occurout of the order noted in the figures. For example, two blocks shown insuccession may, in fact, be executed substantially concurrently, or theblocks may sometimes be executed in the reverse order, depending uponthe functionality involved. It will also be noted that each block of theblock diagrams and/or flowchart illustration, and combinations of blocksin the block diagrams and/or flowchart illustration, can be implementedby special purpose hardware-based systems that perform the specifiedfunctions or acts, or combinations of special purpose hardware andcomputer instructions.

While shown and described herein as a solution for restoration ofremotely protected data in a networked storage computing environment, itis understood that the invention further provides various alternativeembodiments. For example, in one embodiment, the invention provides acomputer-readable/useable medium that includes computer program code toenable a computer infrastructure to provide functionality forrestoration of remotely protected data in a networked storage computingenvironment as discussed herein. To this extent, thecomputer-readable/useable medium includes program code that implementseach of the various processes of the invention. It is understood thatthe terms computer-readable medium or computer-useable medium compriseone or more of any type of physical embodiment of the program code. Inparticular, the computer-readable/useable medium can comprise programcode embodied on one or more portable storage articles of manufacture(e.g., a compact disc, a magnetic disk, a tape, etc.), on one or moredata storage portions of a computing device, such as memory 28 (FIG. 1)and/or storage system 34 (FIG. 1) (e.g., a fixed disk, a read-onlymemory, a random access memory, a cache memory, etc.).

In another embodiment, the invention provides a method that performs theprocess of the invention on a subscription, advertising, and/or feebasis. That is, a service provider, such as a Solution Integrator, couldoffer to provide functionality for restoration of remotely protecteddata in a networked storage computing environment. In this case, theservice provider can create, maintain, and support, etc., a computerinfrastructure, such as computer system 12 (FIG. 1) that performs theprocesses of the invention for one or more consumers. In return, theservice provider can receive payment from the consumer(s) under asubscription and/or fee agreement and/or the service provider canreceive payment from the sale of advertising content to one or morethird parties.

In still another embodiment, the invention provides acomputer-implemented method for restoration of remotely protected datain a networked storage computing environment. In this case, a computerinfrastructure, such as computer system 12 (FIG. 1), can be provided andone or more systems for performing the processes of the invention can beobtained (e.g., created, purchased, used, modified, etc.) and deployedto the computer infrastructure. To this extent, the deployment of asystem can comprise one or more of: (1) installing program code on acomputing device, such as computer system 12 (FIG. 1), from acomputer-readable medium; (2) adding one or more computing devices tothe computer infrastructure; and (3) incorporating and/or modifying oneor more existing systems of the computer infrastructure to enable thecomputer infrastructure to perform the processes of the invention.

As used herein, it is understood that the term “program code” is anyexpression, in any language, code, or notation, of a set of instructionsintended to cause a computing device having an information processingcapability to perform a particular function either directly or aftereither or both of the following: (a) conversion to another language,code, or notation; and/or (b) reproduction in a different material form.To this extent, program code can be embodied as one or more of: anapplication/computer software program, component software or a libraryof functions, an operating system, a basic device system/driver for aparticular computing device, and the like.

A data processing system suitable for storing and/or executing programcode can be provided hereunder and can include at least one processorcommunicatively coupled, directly or indirectly, to memory elementsthrough a system bus. The memory elements can include, but are notlimited to, local memory employed during actual execution of the programcode, bulk storage, and cache memories that provide temporary storage ofat least some program code in order to reduce the number of times codemust be retrieved from bulk storage during execution. Input/outputand/or other external devices (including, but not limited to, keyboards,displays, pointing devices, etc.) can be coupled to the system eitherdirectly or through intervening device controllers.

Network adapters also may be coupled to the system to enable the dataprocessing system to become coupled to other data processing systems,remote printers, storage devices, and/or the like, through anycombination of intervening private or public networks. Illustrativenetwork adapters include, but are not limited to, modems, cable modems,and Ethernet cards.

The foregoing description of various aspects of the invention has beenpresented for purposes of illustration and description. It is notintended to be exhaustive or to limit the invention to the precise formdisclosed and, obviously, many modifications and variations arepossible. Such modifications and variations that may be apparent to aperson skilled in the art are intended to be included within the scopeof the invention as defined by the accompanying claims.

What is claimed is:
 1. A computer implemented method for remoteprotection of data in a networked storage computing environment, themethod comprising the steps of: determining a remote data protectionaction for data and associated metadata according to a policy framework;recording, by a processor, the data and the associated metadata atspecific points-in-time based on the policy framework enforcing arecovery point objective (RPO) that defines a maximum time period inwhich loss of the data and the associated metadata is allowed and arecovery time objective (RTO) that defines a duration of time in whichthe data and the associated metadata must be restored after a disruptionto a network attached storage appliance, the associated metadataincluding file system configuration information, and the networkattached storage appliance being part of a storage cluster providingcomputing storage services and offering a computing device access to acommon set of data consolidated from a plurality of user systems;copying, by the processor, the data and the associated metadata intobackup files; and generating, by the processor, a first data structurewith pointers to the backup files, based on a schedule configured toachieve the RPO and the RTO according to the policy framework, whereinthe first data structure with the pointers to the backup filescomprises: a file path associated with a status corresponding to a setof data stored at a location specified by the file path, the set of dataincluding the data and the associated metadata copied into the backupfiles; and at least one of the pointers to the backup files of the setof data stored at the location, the status indicating whether the set ofdata is newly created, has been modified since a previous backup copywas performed, or is unchanged since the previous backup copy wasperformed; and generating subsequent data structures by utilizing thefirst data structure; wherein: the pointers to the backup files of thefirst data structure prevent re-copying of unmodified data of the firstdata structure, the unmodified data having not been modified since thefirst data structure was generated.
 2. The method of claim 1, whereinthe step of recording comprises: performing an application specificwrite-suspend, a General Parallel File System (GPFS) write-suspend,recording a GPFS file system snapshot, recording a GPFS configuration,performing a GPFS specific write-resume, and performing an applicationspecific write-resume.
 3. The method of claim 1, wherein the step ofcopying further comprises: compressing a full backup copy of the set ofdata created at a first time that the step of copying is performed, andsubsequently compressing an incremental backup copy of the data and theassociated metadata.
 4. The method of claim 1, wherein: the remote dataprotection action is a pre-determined action corresponding to whetherthe data and the associated metadata is newly created, the data andassociated metadata is modified from a previously stored version; thedata and associated metadata is unchanged from a previously storedversion.
 5. The method of claim 4, wherein: the pre-determined actioncorresponding to the data being newly created is, for the file pathhaving newly created data, create a corresponding entry for a snapshotstatus and an entry for a snapshot ID, the snapshot ID including a valuecorresponding to a new location containing a compressed copy of the dataat a specified point in time.
 6. The method of claim 1, wherein the filesystem configuration information includes file system quotas, filesets,and access-control-lists.
 7. The method of claim 1, further comprising:transferring the backup files and the first data structure to a backuplocation for storage on a storage device.
 8. A system for remoteprotection and restoration of data in a networked storage computingenvironment, the system comprising: a bus; a processor coupled to a bus;a memory medium coupled to the bus, the memory medium comprisinginstructions, the instructions executed by the processor to: determine aremote data protection action for data and associated metadata accordingto a policy framework; record the data and the associated metadata atspecific points-in-time based on the policy framework enforcing arecovery point objective (RPO) that defines a maximum time period inwhich loss of the data and the associated metadata is allowed and arecovery time objective (RTO) that defines a duration of time in whichthe data and the associated metadata must be restored after a disruptionto a network attached storage appliance, the associated metadataincluding file system configuration information, and the networkattached storage appliance being part of a storage cluster providingcomputing storage services and offering a computing device access to acommon set of data consolidated from a plurality of user systems; copythe data and associated metadata into backup files; and generate a firstdata structure with pointers to the backup files, based on a scheduleconfigured to achieve the RPO and the RTO according to the policyframework, wherein the first data structure with the pointers to thebackup files comprises: a file path associated with a statuscorresponding to a set of data stored at a location specified by thefile path, the set of data including the data and the associatedmetadata copied into the backup files; and at least one of the pointersto the backup files of the set of data stored at the location, thestatus indicating whether the set of data is newly created, has beenmodified since a previous backup copy was performed, or is unchangedsince the previous backup copy was performed; and generate subsequentdata structures by utilizing the first data structure; wherein: thepointers to the backup tiles of the first data structure preventre-copying of unmodified data of the first data structure, theunmodified data having not been modified since the first data structurewas generated.
 9. The system of claim 8, wherein the step of recordingcomprises: performing an application specific write-suspend, a GeneralParallel File System (GPFS) write-suspend, recording a GPFS file systemsnapshot, recording a GPFS configuration, performing a GPFS specificwrite-resume, and performing an application specific write-resume. 10.The system of claim 8, wherein the step of copying further comprises:compressing a full backup copy of the set of data created at a firsttime that the step of copying is performed, and subsequently compressingan incremental backup copy of the data and the associated metadata. 11.The system of claim 8, further comprising instructions to: determine toperform a remote data protection process responsive to exceeding amaximum number of snapshots and an existence of a previously createdsnapshot.
 12. The system of claim 8, wherein the file systemconfiguration information includes file system quotas, filesets, andaccess-control-lists.
 13. The system of claim 8, wherein the first datastructure is implemented by utilizing at least one of the following: ahash map based data structure, database tables, and other in-memory datastructures.
 14. A computer program product for remote protection andrestoration of data in a networked storage computing environment, thecomputer program product comprising a non-transitory computer readablestorage media, and program instructions stored on the non-transitorycomputer readable storage media, to: determine a remote data protectionaction for data and associated metadata according to a policy framework;record the data and the associated metadata at specific points-in-timebased on the policy framework enforcing a recovery point objective (RPO)that defines a maximum time period in which loss of the data and theassociated metadata is allowed and a recovery time objective (RTO) thatdefines a duration of time in which the data and the associated metadatamust be restored after a disruption to a network attached storageappliance, the associated metadata including file system configurationinformation, and the network attached storage appliance being part of astorage cluster providing computing storage services and offering acomputing device access to a common set of data consolidated from aplurality of user systems; copy the data and the associated metadatainto backup files; and generate a first data structure with pointers tothe backup files, based on a schedule configured to achieve the RPO andthe RTO according to the policy framework, wherein the first datastructure with the pointers to the backup files comprises: a file pathassociated with a status corresponding to a set of data stored at alocation specified by the file path, the set of data including the dataand the associated metadata copied into the backup files; and at leastone of the pointers to the backup files of the set of data stored at thelocation, the status indicating whether the set of data is newlycreated, has been modified since a previous backup copy was performed,or is unchanged since the previous backup copy was performed; andgenerating subsequent data structures by utilizing the first datastructure; wherein: the pointers to the backup files of the first datastructure prevent re-copying of unmodified data of the first datastructure, the unmodified data having not been modified since the firstdata structure was generated.
 15. The computer program product of claim14, wherein the step of recording comprises: performing an applicationspecific write-suspend, a General Parallel File System (GPFS)write-suspend, recording a GPFS file system snapshot, recording a GPFSconfiguration, performing a GPFS specific write-resume, and performingan application specific write-resume.
 16. The computer program productof claim 14, wherein the step of copying further comprises: compressinga full backup copy of the set of data created at a first time that thestep of copying is performed, and subsequently compressing anincremental backup copy of the data and the associated metadata.
 17. Thecomputer program product of claim 14, further comprising instructionsto: determine to perform a remote data protection process responsive toexceeding a maximum number of snapshots and an existence of a previouslycreated snapshot.
 18. The computer program product of claim 14, whereinthe file system configuration information includes file system quotas,filesets, and access-control-lists.